43 matches found
Vulnerabilities in PHPIDS
Hello 3APA3A! I am reporting the Full path disclosure and Information Leakage vulnerabilities I found in PHPIDS. Full path disclosure (WASC-13): http://site/script.php?p=’ When an "attacking" request, such as one with a single quote, is sent to any PHP script on a site with PHPIDS, the full pat...
PHPIDS 0.4 - Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================ PHPIDS 0.4 - Remote File Inclusion Vulnerability ================================================ PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license...
PHPIDS 0.4 - Remote File Inclusion
PHPIDS 0.4 - Remote File Inclusion PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license http://www.gnu.org/licenses/lgpl.html LGP @link http://php-ids.org/ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location: Indonesia...
PHPIDS 0.4 Remote File Inclusion
PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license http://www.gnu.org/licenses/lgpl.html LGP @link http://php-ids.org/ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location: Indonesia http://yogyacarderlink.web.id Contact:...
PHPIDS 0.4 - Remote File Inclusion
PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license http://www.gnu.org/licenses/lgpl.html LGP @link http://php-ids.org/ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location: Indonesia http://yogyacarderlink.web.id Contact:...
PHPIDS 0.4 - Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================ PHPIDS 0.4 - Remote File Inclusion Vulnerability ================================================ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location:...
Advisory 02/2009: PHPIDS Unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHPIDS Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHPIDS = 0.6.2 Severity: PHPIDS unserializes user input which allows an attacker...
Code injection
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a...
Code injection
PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script...
CVE-2007-3577
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a...
Code injection
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script...
Code injection
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script...
CVE-2007-3579
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script...
CVE-2007-3578
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script...
CVE-2007-3580
PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script...
CVE-2007-3579
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script...
CVE-2007-3577
CVE-2007-3577 affects PHPIDS prior to 20070703. The vulnerability arises from improper handling of the substr method in multiple contexts (document.location.search, document.referrer, document.location.hash, window[eval and similar expressions, Function expressions, certain '=' expressions such a...
CVE-2007-3578
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script...
CVE-2007-3577
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a...
CVE-2007-3579
CVE-2007-3579 affects PHPIDS prior to 20070703. The vulnerability arises because the system does not correctly handle setting the .text property of a SCRIPT element before it is attached to the DOM, enabling a remote attacker to inject arbitrary web script. The available documents confirm the aff...